Legal Documents API
The Legal Documents API enables Data Protection Officers to generate professional GDPR-compliant documents with minimal effort. This API is specifically designed to support DPOs in meeting their documentation obligations under European data protection law.
Available Document Types
Daisy currently supports generating these GDPR-required document types:
| Document Type | GDPR Relevance | Supervisory Authority Requirements |
|---|---|---|
DPIA | Required by Article 35 for high-risk processing | Must demonstrate systematic assessment of data protection risks |
RECORD_OF_PROCESSING | Required by Article 30 for most organizations | Must be available upon request to supervisory authorities |
PRIVACY_POLICY | Required by Articles 13 & 14 for transparency | Must provide specific information to data subjects |
DATA_PROCESSING_AGREEMENT | Required by Article 28 for processor relationships | Must contain specific contractual safeguards |
BREACH_NOTIFICATION | Required by Articles 33 & 34 for data breaches | Must be provided to authorities within 72 hours |
DATA_SUBJECT_REQUEST_FORM | Facilitates Article 15-22 rights exercises | Must enable data subjects to exercise their rights easily |
For Data Protection Officers
Creating GDPR Documentation
As a DPO, you can generate compliant documentation by providing information about your organization and the specific processing activities. Our AI will analyze this information against GDPR requirements and generate appropriate documentation.
Creating a Data Protection Impact Assessment
When creating a DPIA, you'll need to provide:
- Basic organization information
- Description of the processing activity
- Categories of data being processed
- Legal basis for processing
- Data subject categories
- Data recipients
- Retention periods
- Technical and organizational measures
Our API will then generate a comprehensive DPIA that:
- Systematically describes the processing operations
- Assesses the necessity and proportionality
- Identifies and evaluates risks to data subjects
- Outlines measures to address those risks
Creating Records of Processing Activities (RoPA)
For Article 30 compliance, provide:
- Controller/processor details
- Processing purposes
- Data subject and data categories
- Recipient categories including third countries
- Retention periods
- Security measures
Retrieving and Managing Documents
Once documents are created, you can:
- Retrieve them in multiple formats (HTML, PDF, Markdown)
- Update them when processing activities change
- Maintain version history for audit purposes
- Export them for presentation to supervisory authorities
Preparing for Authority Inspections
The API includes special features for DPOs preparing for supervisory authority inspections:
- Generate comprehensive documentation packages
- Create documentation indexes for authorities
- Export audit-ready compliance records
- Produce timestamp-verified document histories
Integration With Your Privacy Management Workflow
For technical teams supporting DPOs, our API integrates with:
- Enterprise GRC systems: Connect via REST API
- Privacy management platforms: Seamless workflow integration
- Ticketing systems: Link compliance documentation to specific requests
Security and Compliance Considerations
- All API calls must use TLS 1.2+ encryption
- Authentication requires strong API keys
- Document access logs are maintained for audit purposes
- Physical data isolation ensures maximum security
- Regular security assessments maintain the highest standards
Getting Started
Your IT department can help you integrate Daisy into your compliance workflow. For detailed integration instructions, refer them to our developer documentation.
ts
// Or download directly
const pdfBuffer = await daisy.legalDocuments.downloadPdf('doc_123abc456def');API Reference
Create Document
http
POST /api/v1/legal-documentsCreates a new legal document.
Request Body
The request body varies depending on the document type. Here's the general structure:
json
{
"documentType": "DPIA",
"companyName": "Your Company Name",
"companyDetails": {
// Company-specific information
}
// Document type-specific fields
}See our detailed request schema documentation for the specific fields required for each document type.
Response
json
{
"id": "doc_123abc456def",
"documentType": "DPIA",
"status": "processing",
"createdAt": "2025-08-05T12:34:56Z",
"estimatedCompletionTime": "2025-08-05T12:36:56Z"
}Get Document
http
GET /api/v1/legal-documents/{documentId}Retrieves a previously created document.
Response
json
{
"id": "doc_123abc456def",
"documentType": "DPIA",
"status": "completed",
"createdAt": "2025-08-05T12:34:56Z",
"completedAt": "2025-08-05T12:36:23Z",
"content": {
"html": "<!DOCTYPE html><html>...</html>",
"text": "Data Protection Impact Assessment for Example Corp...",
"markdown": "# Data Protection Impact Assessment\n\n## Company: Example Corp..."
}
}List Documents
http
GET /api/v1/legal-documentsLists all documents you've created.
Query Parameters
limit(optional): Number of documents to return (default: 20, max: 100)offset(optional): Pagination offset (default: 0)documentType(optional): Filter by document typestatus(optional): Filter by status (processing,completed,failed)
Response
json
{
"documents": [
{
"id": "doc_123abc456def",
"documentType": "DPIA",
"status": "completed",
"createdAt": "2025-08-05T12:34:56Z",
"completedAt": "2025-08-05T12:36:23Z"
}
// Additional documents...
],
"totalCount": 42,
"hasMore": true
}Best Practices
Providing Detailed Information
The more information you provide, the more tailored the document will be. While our AI can make reasonable assumptions based on your company details, specific information will result in more accurate documents.
Document Customization
After generating a document, you may want to customize it further. You can:
- Download the document in your preferred format
- Make manual edits
- Use our document update API to incorporate specific changes
Handling Long-Running Generations
Document generation can take 1-2 minutes for complex documents. We recommend:
- Using the WebSocket API for real-time updates
- Implementing a polling mechanism to check document status
- Setting up webhook notifications (available on Business and Enterprise plans)
Need Help?
WebSocket Events
The API uses WebSocket events for real-time updates during document generation and iteration.
Message Response Events
typescript
// Event: daisy.event.message-response
interface MessageResponse {
threadId: string; // Document ID
content: string; // Message content
messageId: string; // Unique message ID
name: string; // Sender name
type: 'ai' | 'tool'; // Message type
toolName?: string; // Tool name if applicable
}
// Event: daisy.event.message-response-finished
interface MessageComplete {
threadId: string; // Document ID
}Usage Examples
Creating a New Document
typescript
const response = await fetch('/legal-documents', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
documentType: 'DPIA',
clientCompanyId: 'client_company_id',
}),
});
const document = await response.json();Questionnaire Flow
typescript
// 1. Submit answer
await fetch(`/legal-documents/${documentId}/questionnaire/answers`, {
method: 'POST',
body: JSON.stringify({
questionId: 'question_id',
answer: 'User response',
}),
});
// 2. Generate draft
await fetch(`/legal-documents/${documentId}/draft`, {
method: 'POST',
});
// 3. Finalize document
await fetch(`/legal-documents/${documentId}/generate`, {
method: 'POST',
body: JSON.stringify({
questionsToFinalize: [
{
question: 'Additional question',
answer: 'Final answer',
},
],
}),
});Document Iteration
typescript
// Connect to WebSocket
socket.on('daisy.event.message-response', (data) => {
console.log('Received update:', data.content);
});
// Send iteration request
await fetch(`/legal-documents/${documentId}/iterate`, {
method: 'POST',
body: JSON.stringify({
message: 'Please improve section 3',
}),
});Error Handling
Common Error Codes
400 Bad Request: Invalid input parameters401 Unauthorized: Authentication required403 Forbidden: Insufficient permissions404 Not Found: Document or resource not found500 Internal Server Error: Server-side error
Error Responses
typescript
interface ErrorResponse {
error: {
message: string;
code: string;
details?: any;
};
}Best Practices
1. Document Creation
- Verify client company exists before creation
- Use appropriate document type
- Implement proper error handling
- Monitor document status
2. Questionnaire Handling
- Validate question IDs
- Store answers incrementally
- Implement auto-save
- Handle validation errors
3. Document Generation
- Monitor generation progress
- Handle timeouts
- Implement retry logic
- Validate outputs
Security Considerations
Authentication
- All endpoints require authentication
- Use session-based auth
- Verify organization access
- Monitor suspicious activity
Data Protection
- Validate input data
- Sanitize outputs
- Encrypt sensitive data
- Implement audit logs
Access Control
- Verify user permissions
- Check organization scope
- Validate document ownership
- Log access attempts
Monitoring
Key Metrics
Performance
- Generation time
- Response times
- Error rates
- Queue length
Usage
- Documents created
- Iterations performed
- Completion rate
- User engagement
Quality
- Generation success
- User satisfaction
- Error frequency
- Iteration count
Rate Limits
- Maximum 10 requests per minute per user
- Maximum 5 concurrent generations
- Maximum 100 iterations per document
- Maximum content length: 100,000 characters
Webhooks
Configure webhooks to receive notifications for:
- Document creation
- Draft generation
- Document finalization
- Document updates
typescript
interface WebhookPayload {
event: 'document.created' | 'document.drafted' | 'document.finalized';
documentId: string;
organizationId: string;
timestamp: string;
data: {
documentType: string;
status: string;
// ... other relevant data
};
}